Sign-up

ID

VAR-200303-0072


CVE

CVE-2003-0088


TITLE

Apple MacOS Classic TruBlueEnvironment Environment Variable Privilege Escalation Vulnerability

Trust: 0.9

sources: BID: 6859 // CNNVD: CNNVD-200303-002

DESCRIPTION

TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information. There is a vulnerability in the Apple MacOS Classic emulator for MacOS X that may lead to elevation of privileges. This issue exists in TruBlueEnvironment, which is included in the emulator. The environment variable is used to define a location to output debugging information to a file. Exploitation of this issue may enable a malicious local user to gain elevated privileges by causing malicious files to be run through a facility such as cron. Overwriting critical system files may also cause a denial of service. TruBlueEnvironment is a tool included with the MacOS Classic Emulator, installed as setuid root by default. There is a problem with setting environment variables in TruBlueEnvironment. Local attackers can use this vulnerability to perform privilege escalation attacks through cron tools, or overwrite important system files to perform denial-of-service attacks. If the file exists, it will be set to zero bytes. If the file does not exist, it will be created with the umask permission of the calling process. Although the attacker cannot create a file with execution permission, the file created in this way can be read and written globally. In MacOS X, this vulnerability can be used to automatically create files through cron. By default, cron uses the periodic command for daily maintenance. This command will receive several files and pass them to the SHELL parser to run. Since these scripts are run with root user privileges running, so possibly privilege escalation by running cron and TruBluEnvironment

Trust: 1.26

sources: NVD: CVE-2003-0088 // BID: 6859 // VULHUB: VHN-6918

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.2.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.2.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.2.2

Trust: 1.6

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.4

Trust: 0.3

sources: BID: 6859 // CNNVD: CNNVD-200303-002 // NVD: CVE-2003-0088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0088
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200303-002
value: HIGH

Trust: 0.6

VULHUB: VHN-6918
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0088
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6918
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6918 // CNNVD: CNNVD-200303-002 // NVD: CVE-2003-0088

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0088

THREAT TYPE

local

Trust: 0.9

sources: BID: 6859 // CNNVD: CNNVD-200303-002

TYPE

Design Error

Trust: 0.9

sources: BID: 6859 // CNNVD: CNNVD-200303-002

EXTERNAL IDS

db:NVDid:CVE-2003-0088

Trust: 2.0

db:BIDid:6859

Trust: 2.0

db:CNNVDid:CNNVD-200303-002

Trust: 0.7

db:ATSTAKEid:A021403-1

Trust: 0.6

db:XFid:11332

Trust: 0.6

db:VULHUBid:VHN-6918

Trust: 0.1

sources: VULHUB: VHN-6918 // BID: 6859 // CNNVD: CNNVD-200303-002 // NVD: CVE-2003-0088

REFERENCES

url:http://www.atstake.com/research/advisories/2003/a021403-1.txt

Trust: 1.7

url:http://www.securityfocus.com/bid/6859

Trust: 1.7

url:http://docs.info.apple.com/article.html?artnum=61798

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2003/feb/25/applesa20030225macosx102.txt

Trust: 1.7

url:http://www.iss.net/security_center/static/11332.php

Trust: 1.7

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

sources: VULHUB: VHN-6918 // BID: 6859 // CNNVD: CNNVD-200303-002 // NVD: CVE-2003-0088

CREDITS

Dave G.※ daveg@atstake.com

Trust: 0.6

sources: CNNVD: CNNVD-200303-002

SOURCES

db:VULHUBid:VHN-6918
db:BIDid:6859
db:CNNVDid:CNNVD-200303-002
db:NVDid:CVE-2003-0088

LAST UPDATE DATE

2024-08-14T13:40:27.694000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-6918date:2008-09-11T00:00:00
db:BIDid:6859date:2009-07-11T20:06:00
db:CNNVDid:CNNVD-200303-002date:2005-05-13T00:00:00
db:NVDid:CVE-2003-0088date:2008-09-11T00:05:48.070

SOURCES RELEASE DATE

db:VULHUBid:VHN-6918date:2003-03-03T00:00:00
db:BIDid:6859date:2003-02-14T00:00:00
db:CNNVDid:CNNVD-200303-002date:2003-02-14T00:00:00
db:NVDid:CVE-2003-0088date:2003-03-03T05:00:00